Filtered by vendor Kerlink
Subscriptions
Filtered by product Keros
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32388 | 1 Kerlink | 1 Keros | 2025-12-02 | 5.3 Medium |
| Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected. | ||||
| CVE-2024-32384 | 1 Kerlink | 1 Keros | 2025-12-02 | 6.8 Medium |
| Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device. | ||||
| CVE-2024-39148 | 1 Kerlink | 1 Keros | 2025-12-02 | 8.1 High |
| The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall. | ||||
Page 1 of 1.